Slashdot Mirror


User: Unordained

Unordained's activity in the archive.

Stories: 0 · Comments: 838

Comments · 838

  1. Re:It's a lost cause on DHHS Preparing 'Tech Surge' To Fix Remaining Healthcare.gov Issues · · Score: 1

    Healthcare is already more expensive and less comprehensive every year, without the ACA. That's a result of a bunch of individuals with insufficient buying power to actually drive down prices, yet stuck in situations (healthcare isn't a luxury when you're sick -- people would always rather go bankrupt than not get care) they have varying control over (you can control your food intake, but the way diseases spread, or your genetic makeup, or the way society has dealt with toxins and mutagens are beyond your practical control) ... trying to get help. I'm sorry that the free market didn't automatically adjust to provide us all with cheap good healthcare. There are niches within the marketplace that the Invisible Hand can't always fix, because the right pressures and options just don't exist. And we already help the poor -- the ACA just makes it more efficient to do what we're already doing.

  2. Re:Government Thinking on DHHS Preparing 'Tech Surge' To Fix Remaining Healthcare.gov Issues · · Score: 0

    Equal protection. We write a law that affects "everyone" but only changes things for some. Most people stay on their current insurance, no real change.

  3. Re:How about they just scrap it entirely? on DHHS Preparing 'Tech Surge' To Fix Remaining Healthcare.gov Issues · · Score: 4, Insightful

    The ACA exchanges are specifically designed to (a) help people buy in larger pools for discounts and (b) induce competition between insurance companies, to reduce prices.
    Where we don't have as much pressure is in healthcare, because people are not naturally inclined to go to a physician billing himself as the cheapest on the block. We as patients don't know how to evaluate the quality of the care we get, or its value, so we cannot effectively price the services we buy.

  4. Re:Not that interested in the teething problems on DHHS Preparing 'Tech Surge' To Fix Remaining Healthcare.gov Issues · · Score: 1

    Do we have data showing that penalty clauses either (a) guarantee good rollouts or (b) make the process of getting to a good roll-out [eventually] cheaper? It works like insurance, so you wind up paying for it up-front in the contract anyway...

    Also, do we have details on what's going wrong or why? I keep seeing headlines frothing at the mouth, but am given short shrift on details. Things like:

    In a blog post, the Department of Health and Human Services said some users of HealthCare.gov "have had trouble creating accounts and logging in to the site, while others have received confusing error messages, or had to wait for slow page loads or forms that failed to respond in a timely fashion."

    O...kay?

    In other news, Facebook took an outage. They have plenty of incentives to keep their stuff up. Where's the outrage?

  5. Re:Already happening on Door-To-Door Mail Delivery To End Under New Plan · · Score: 1

    What about those of us living in neighborhoods already equipped with clusters? (Oddly, about half the houses were built with curbside boxes too, probably more for looks than anything.) How do the disabled who live in such neighborhoods, which already exist today all around the country, manage?
    Answer this, and you've answered yourself.

  6. Re:Self signed? on Anonymous Source Claims Feds Demand Private SSL Keys From Web Services · · Score: 1

    In any case this doesn't change the old fact that a self-signed cert is at least as good as an unsecured connection and browsers should stop throwing a shit-fit when they run into one.

    If you think browsers should instead always notify you when using a trusted CA-signed cert ("Congratulations! This site appears to actually be legit!"), with the default for self-signed and unencrypted communications being silence, yeah, I can kinda see your point. You should default to paranoia, right?

    Otherwise, no; the warning issued on self-signed certs is useful because the browser doesn't know ahead of time whether a given site ought to have a CA-signed cert or not; assuming that most will, this is your first clue that your connection to amazon.com may have been compromised by a MitM attack, and what they thought was a secure channel for payment information is not only potentially vulnerable to snooping or modification, but probably being specifically hijacked for some nefarious purpose. That's some important stuff right there.

  7. Re:Self signed? on Anonymous Source Claims Feds Demand Private SSL Keys From Web Services · · Score: 4, Informative

    Self-signed is only fine if the client and server are in a trusted environment, exactly the environment where pre-shared keys are a possibility, so you should have loaded that cert into your client before attempting the connection.

    Barring that, and in the 99% of cases where clients are talking to servers out on the wide-open internet, CAs and the warning against self-signed certs serve a very good purpose -- preventing man-in-the-middle attacks during handshake.

    If anyone (your ISP and the NSA included) hijacks your initial connection, proxies it, and substitutes their own cert, you need a way to know whether that cert is really from the destination site, or a phony. That's exactly the problem CAs solve. (Other solutions include "web of trust", pre-sharing all important keys, consensus methods, etc.)

    At worst, this news means that it's possible NSA (but probably nobody else) has been able to decrypt legitimately encrypted traffic (no MitM attack with substituted keys, just a tap using the real ones) for some services, or if they have CA keys, might have been able to issue their own legit-looking certs, which with some additional work, could have enabled them to perform MitM attacks on arbitrary sites and all of their users.

    But this does not mean that self-signed certs are just as good as CA-backed ones in a general sense; if you rely on those, without pre-sharing keys with all clients, then all clients are vulnerable to MitM attacks from anyone with access to modify the communication channel, not just the NSA. And considering the known issues with insecure DNS, that's a much wider field of potential attacks.

  8. the premise is unsubstantiated on Sci-Fi Stories That Predicted the Surveillance State · · Score: 3, Interesting

    all-encompassing system of control, that proceeds from the top of the pyramid down to its base

    I feel this statement unduly absolves us as a society from blame for our own surveillance state -- as if we hadn't clamored for safety, as if we hadn't spouted off about having nothing to hide, as if we hadn't secretly distrusted anyone using encryption, anonymous accounts, or trying to live "off the grid", as if we hadn't openly derided the boys who cried wolf about the coming panopticon. Do you think something of this magnitude is simply ordered from "the top"? We asked for this. The only thing you can complain about is that the people we elected (and those they appointed or hired) to do our bidding, in an effort to more completely obey us, didn't tell us what they were doing. It's like hiring a hitman and having him tell you it's better that you not know the details of the hit you've paid for.

    I don't think this is a pyramid. This is an hourglass, or a pinched torus -- we all sit on top of the government, down to a single point of control; which then sits on top of an expanding mass of surveillance state that sits in/on/around all of us. Unless of course you buy into the idea that our elections are rigged, that it's all been run by a cabal for decades/centuries/millennia, etc.

    But I think it's much simpler to accept that we did this to ourselves. It doesn't take a roomful of geniuses working secretly, it just takes a nation of average Joes being themselves. Design by committee, of millions.

  9. Re: The Great Vacuum of America on Aussie Telco Telstra Agreed To Spy For America · · Score: 2

    I think I saw a /.'er link to this just a few days ago ...
    http://www.lawfareblog.com/2011/07/what-ben-franklin-really-said/

  10. Re:Simple explanation on Discovering NSA Code Names Via LinkedIn · · Score: 1

    Your explanation is fine, but your example is wrong. The silent 'z' in this case would never make the "liaison". But a silent 't' or 's' might. "Ils sont abondants" would likely be said "ilsontabondan".

  11. Re:User "slashdot.org" on The Security Risks of HTML5 Development · · Score: 2

    As far as I can tell, the goal of CORS was purely to prevent someone from repurposing your browser when you visit site X and using your existing SSO/cookies to make authenticated AJAX calls to site Y.

    It doesn't set out to address data-leakage that can occur from script injection into Y, where AJAX calls to X might be embedded so as to export your private data (you can guarantee site X will set a * allow-origin header, and Y's opinion is not sought.)
    It also doesn't prevent attacks from random web clients who can set their own arbitrary request headers. Nothing prevents you from setting up a proxy-server that changes the origin headers, to grant the whole Internet access to a resource someone wanted to be "only from their own website".

    It's a neat little hack, with a very specific goal, which I've found to be poorly explained. People easily get the wrong idea about what CORS was intended to do, and rely on it for more than they should.

  12. Re:People choose what they want to hear on Jeff Bates On Niche Communities and Why Partisan News Is Normal · · Score: 1

    But it's been that way, no? There's a reason that religious dominions, for example, have historically been tightly aligned with political and geographical borders. We lived in communities that essentially didn't know any better, and what they suspected, could easily ignore.
    I think what causes unrest now is that it actually does take some effort to ignore those other voices; reblogs, ads, etc. keep pushing, in small quantities, opinions we disagree with. We socialized with people during the age of political correctness, only to later discover that we didn't agree with them as much as we thought -- but now we can't just back out. We're trying hard to put our blinders on, and although we don't have a great mixing and homogenization machine in the sky to force us to all see each others' points of view, we get hints, constantly. And it's an irritant, we're on edge, we're in fight-or-flight mode all the time, because we're being attacked, we're sliding down a slippery slope, we're losing the war for our country, there's a tidal surge coming, the end is near, "they" are on our doorstep. We still have that "us vs them" mentality, but now it's being continuously challenged, just enough to make us angry.

  13. Re:idiotic politically correct fears indeed on Torvalds Uses Profanity To Lambaste Romney Remarks · · Score: 1

    a) Our political dialogue is dominated by sound-bites and trite name-calling. Undecided voters are swung by the stupidest things, while the party loyalists can't be swayed even by the best arguments. All you'll get, when you try to have a sane conversation about policy, is stereotypes, generalizations, exaggerations and spin. The fact that someone actually says what they're thinking is just a rare glimpse into how reductionist we are when it comes to politics. We don't have time for all the details. We can't even remember all of them, to even begin to manipulate them into logical thoughts. We must take shortcuts. Once we've heard enough from someone, we just rubber-stamp it with either "awesome" or "fucking stupid", and file it away forever, never to be reconsidered. We have to, because time is short, and there are more important things in life, like food and shelter.

    b) Have you tried arguing with religious folks, on a basis of pure logic & fact? It doesn't work. Faith prevents it; faith is the great escape route, the great shield. Any argument you don't like can be avoided or circumvented or overcome (in your own mind) thanks to faith. It's a get-out-of-jail-free card. It's already hard enough (nigh impossible) to convince (forcibly) someone of something logically, when they're set against it, even when they have no faith to fall back on (they can always just "fail to see your point" or "not be convinced yet".) But when they do have faith? It's pointless to even try. You'll just frustrate yourself. So after a while of trying, experience teaches you to stop hurting yourself. Stop bashing your head against a brick wall. Call a spade a spade, and call batshit-crazy religions exactly what they are: batshit-crazy. And be done with it. There's no logical counter-argument to it, so you might as well. It's not an issue of being lazy or incompetent or malicious or cowardly or inconsiderate, just efficient.

  14. Re:Bad FAA! on FAA Denies Vulnerabilities In New Air Traffic Control System · · Score: 1

    It's easy to be concerned about encryption and authentication in a general sense, but no solutions are being offered that would make any sense.
    For encryption, who holds which keys? At best, you have thousands of planes flying around with public keys, and hundreds of airports with the private keys? Leaks are bound to happen. Or you use lots of individual keys -- at which point you're likely to have leaks AND synchronization issues, where a tower can't read data from a plane because the key's not in the system. Do you use signing, with towers accepting signed (via chain) certificates from planes they've not seen before? Sure, thankfully the CA system has never failed us, and with so many devices on the market, all assigned valid keys to be useful, you've got craptons of valid keys floating around. Pretty soon, it's like credit-cards, with keys sold in large quantities on the black market. At best, encryption maybe gives you some privacy, which as others have pointed out, the system was never intended to provide. It might also, with uniqueness, prevent a single key from generating more than one ghost at a time, reducing the possible impact; but even a single ghost, properly placed, could cause havoc.
    For authentication, you have the same issue as a huge corporate network of users -- either the airplanes themselves, or the pilots -- but regardless, the password management on that looks just as horrid as the key management.
    It's not a simple matter of encrypting and authenticating. It's a complex matter of encrypting and authenticating, if that's even desired. The FAA clearly feels it's better to go with heuristic data-scrubbing than to try to enforce a rigid, brittle security scheme that could be silently broken. (Will they notice a single ghost, here and there, causing mischief? What will they do about it? Will the controller who notices be responsible for trying to figure it out, distracting her from important duties? There are useful attacks other than "flood the whole gorram radar display".)

  15. Re:write a new story? on What's Next For Superhero Movies? · · Score: 5, Funny

    Wonder Woman? Probably the most popular female in all comics... no movie to speak of. Maybe it's all the BDSM from the source material.

    My interest in Wonder Woman just went up.

  16. Re:Well, let's see... on Is Oracle Really Offering 100+ Cloud Applications? · · Score: 1

    FYI, Google has no idea what you're talking about. The thread is OT anyway, but a link would have been nice, so we can laugh with you. Instead it looks like you either misremember, or never knew what you were talking about in the first place.

  17. Re:For the two people who don't already know on FunnyJunk v. the Oatmeal: Copyright Infringement Complaints As Defamation · · Score: 1

    The problem is the evolving meaning of the term "socialism". Yes, the threat of force is directly tied to government (of any political stripe), and the association then has to be made with socialism. Is there a difference between requiring people to pay taxes to fund government services? Armed forces? Public roads? Research grants? Education? Healthcare? Retirements? Welfare? At various times, we've drawn a line in the sand and said "beyond lies Socialism", but yes, it's arbitrary. Is it not socialism to "force" people to pool their money to collectively pay for (own) military protection? It's a difference of degree.

    The GP's distinction, though, was more absolutist than that: charity (entirely voluntary) vs. compulsion. Whether or not you term it Socialism, for him, it's any coercion at all. It might have been more accurate to say Government, but the word doesn't carry the implication of money redistribution, it's too vague on that point of "how" it achieves its goals. Could you have a government that, without collecting any taxes or running any programs itself, and with no threat of violence, still somehow coordinates the actions of entirely independent agents? In the current world, all governments are to some degree socialist, so it's maybe not unfair for him to use the term.

    Personally, though? I find that people are always in favor of encouraging their neighbors to be charitable, while they themselves wait for the government to come and force them. I don't trust people, but I do care about them, and I'd rather have a solution with a budget, stable planned income, and prioritization of the expenditures. And, I guess, the threat of violence. For the sake of the children.

  18. Re:Easy to infringe, hard to fix on FunnyJunk v. the Oatmeal: Copyright Infringement Complaints As Defamation · · Score: 1

    I love people who follow a known character* like Takei:

    Monday: OMG, so funny
    Tuesday: OMG, so funny, send links to friends
    Wednesday: OMG, still so funny
    Thursday: OMFG, offensive! REPORT HIM! TAKE HIM AWAY! BURN IT ALL DOWN!
    Friday: OMG, so funny

    Seriously, WTF?

    * funny, blunt, outrageous, etc.

  19. Re:For the two people who don't already know on FunnyJunk v. the Oatmeal: Copyright Infringement Complaints As Defamation · · Score: 2

    I'm not much for the GP's line of thought, but as to your point: you're no less in prison under restraint and threat if you decide to adopt a zen-like view of it, appreciate the beauty of bare concrete, and fully internalize the usefulness of isolation. Just because you don't choose to test the boundaries of your cage doesn't mean it's not there. The fact that you "pay your taxes" indicates to me that you're just staying barely inside the boundaries: do you pay extra? Do you skip the math, and just send them a check for however much you think the services are worth? Even if you voluntarily sent an amount of your choosing, you'd still check the math to make sure you wouldn't have agents knocking on your door, wouldn't you? And that's his point. It's coercion, even if the mafioso doesn't pull out a gun, but just says "wouldn't it be a shame...".

    The difference is that it's government, we elect it, we choose to stay here as citizens even as adults (tacit consent), so it *is* a choice, of sorts. (Never mind the fact that it's not easy to choose to go elsewhere, or that 50.1% is a "mandate". It all comes down to tacit consent, it really is all about the threat of force, there are no purely voluntary societies.)

  20. Real-world beats theory on Ask Slashdot: How Long Should Devs Support Software Written For Clients? · · Score: 1

    It's theoretically possible to build bug-free software, sure. I can accept that; a theorist has probably even written a proof for it. But not at a price-point anyone's willing to accept, because of the diminishing returns of investing more time and money into the required documentation, test-harnesses, reviews, proofs, etc. Software products that are still actively maintained will, I believe, trend towards being bug-free, as bugs are found during the course of their use.

    But releasing early, with bugs, is overall cheaper than trying to find every single one before initial release. Unless it's a mission-critical, one-shot, life-or-death piece of software, pretty much everyone's willing to go with the lower-cost solution of a "happy medium" amount of rigor.

    Even NASA's probes have software bugs, despite everyone knowing ahead of time that they may be unable to upload a patch when the antenna accidentally gets turned the wrong direction, or the computer shuts down permanently, and that the whole project depends on it -- it's still worthwhile to take the risk and launch early, without verifying that every single line of code is in some objective way perfect.

    Even famously bug-free software, like Knuth's TeX and METAFONT, didn't get that way overnight -- otherwise they wouldn't have had a need for version numbers. But TeX's asymptotic version numbers (after version 3, once it was already pretty stable)? Beyond being cute, they reinforce what I said above: code gets better over time, slowly approaching correctness. Knuth himself once wrote "Beware of bugs in the above code; I have only proved it correct, not tried it."

    You can take your theory, and shove it. Oh, also? Plenty of important software IS bug free. Yeah, [citation needed] on that one.

  21. Re:Effect on Carbon dating? on What Struck Earth in 775? · · Score: 5, Insightful

    Just a side comment, but don't you think it's a little insulting to tell scientists who've put blood and sweat into these scientific discoveries that they need to pander to the religious, to pretend to hold some doubt, to lie that they wish they were wrong, to equivocate when no equivocation is really required, to imply and insinuate and hint rather than outright state what they know (inasmuch as you can know anything -- they'll grant you that), just to make people less sad about the religion they have merely because of the location of their birth and the (recursive) beliefs of their ancestry? I'm not normally one to go and try to de-convert the religious (my parents were missionaries, I'd rather just leave people alone), but does that mean we have to be on eggshells? Besides -- the religious all feel free to call each other's religions (N) mere mythology and outright lies, why should we hold back about N+1 beliefs?

  22. Re:Please forgive my likely stupidity on GreenSQL is a Database Security Solution, says CTO David Maman (Video) · · Score: 1

    OT: Firebird can be run in 'embedded' mode, much like SQLite, where the app that uses it loads a DLL that is the entire engine for its own use, but without listening on any sockets when running, and without running all the time (as a service.) That's generally the preferred way to deploy Firebird for single-user desktop apps; it can be "upgraded" to multi-user by swapping out a different client DLL and running a server instance, if that becomes necessary -- or, in your case, the other way around. It's unfortunate that the designers of the app in question weren't more careful.

  23. Re:What kind of congress is that? on Congress Capitulates To TSA; Refuses To Let Bruce Schneier Testify · · Score: 1

    The slashdot community (mostly engineering backgrounds) is well-placed to estimate the damage that could be done if the terrorists (mostly engineering backgrounds) really put their hearts and minds into it. They're clearly holding back. Lazy bastards.

    Trains? Buses? Parking lots? Malls? Our electrical infrastructure? Water? We have unprotected (or less-than-ideally protected) facilities *everywhere*. The TSA can't protect it all. Not even close.

    Remember what al-Qaeda's goal was? To *bankrupt* us, by forcing us to protect against all contingencies. They don't HAVE to lift a finger anymore, we do it to ourselves!

    It's relatively cheap to protect software against buffer-overflow attacks and the like; the cost-benefit ratio favors fixing the problem, so we fix the problem. Hardware can be designed to be secure before it goes to production, so it's a one-time cost. Scanners/fuzzers/bots make attacks immensely cheap, and targets aren't necessarily chosen ahead of time.
    Preventing terrorist attacks by trying to protect every target is a different kind of proposition, and we shouldn't take the same fix-everything approach.

    If this same money had been spent on medical research, would it have done more good? On infrastructure? On international good-will? On political reform, at home and abroad?

  24. Re:What kind of congress is that? on Congress Capitulates To TSA; Refuses To Let Bruce Schneier Testify · · Score: 1

    The arguments that result become games of semantics (by necessity), trying to define things as rights. The "right to privacy", for example: some will claim that while never enumerated, because it was so obvious nobody felt the need to do so, it clearly has always existed; others will claim that it's a myth, an entirely imaginary construct, and that calling it a right doesn't make it a right.

    What's scary to me is that, even with experience and hindsight, I don't know that we've invented a better solution than the catch-all language they originally used, with its attendant issues. The justice system, I guess? Meh?

  25. Re:What kind of congress is that? on Congress Capitulates To TSA; Refuses To Let Bruce Schneier Testify · · Score: 1

    What I find terribly funny about this is that both sides accuse the other of supporting invasive government. The conservatives blame the liberals for wanting a strong overbearing nanny-state (motherland) that protects everyone from every disaster, disease, hardship, or aggression and can only do so through inane invasions of privacy (in the name of the children); the liberals accuse the conservatives of wanting a strong overbearing fatherland, hallucinating nuclear-armed boogiemen everywhere, leading to invasions of privacy (in the name of the children) [and a crazy military-industrial complex].

    Seriously? How about we just blame idiots who take a good thing too far, rather than trying to pin this on an ideology that, at its root, is probably somewhat justified?

    As to the argument at hand: it does not matter that it's *possible* to get from one place to another via other means, making flight a privilege rather than a right. The TSA is already looking to expand into train service, bus service -- there's no logical reason they should stop there. By their same arguments, they can claim that travel by road (especially federal roads!) is a privilege, not a right, and they can stop and search you. Then city governments can do the same for every local road. Sidewalks? What, you want to walk miles across cities designed with cars in mind? (I'm in the flat, cheap, wide-open mid-west now, but grew up in tight european cities -- so I feel the difference.) Walking on sidewalks is a privilege, not a right! In fact, leaving your house is a privilege, not a right. See? There's no good place to stop, once you start going. If you want to make the argument about what's a privilege, and thus subject to control, you really need to define rights properly. The constitution tried to do so, and we've ignored it at our own peril.

    I'm what you'd call a Liberal/Progressive. And I don't believe in groping the crotches of Eskimo grandmothers for any other reason than for the pure consensual pleasure of doing so.